|
@@ -1,4 +1,4 @@
|
|
|
-policy_module(supervisor, 0.1.18)
|
|
|
+policy_module(supervisor, 0.1.19)
|
|
|
|
|
|
########################################
|
|
|
#
|
|
@@ -44,7 +44,7 @@ init_system_domain(supervisorctl_t,supervisorctl_exec_t)
|
|
|
# Local policy
|
|
|
#
|
|
|
|
|
|
-allow supervisor_t self:capability sys_tty_config;
|
|
|
+allow supervisor_t self:capability { sys_tty_config chown };
|
|
|
allow supervisor_t self:fifo_file { ioctl read write getattr };
|
|
|
allow supervisor_t self:process setpgid;
|
|
|
allow supervisor_t self:capability { setuid setgid };
|
|
@@ -58,6 +58,8 @@ miscfiles_read_localization(supervisor_t)
|
|
|
dev_read_urand(supervisor_t)
|
|
|
kernel_read_system_state(supervisor_t)
|
|
|
|
|
|
+init_manage_utmp(supervisor_t)
|
|
|
+
|
|
|
read_files_pattern(supervisor_t,supervisor_etc_t,supervisor_etc_t)
|
|
|
search_dirs_pattern(supervisor_t,supervisor_etc_t,supervisor_etc_t)
|
|
|
allow supervisor_t supervisor_etc_t:dir read;
|